Tomcat JSS Installation

From Dogtag
Revision as of 23:08, 14 February 2022 by Edewata (talk | contribs)


Installation

To install the JSS Connector package:

$ dnf install tomcatjss

Installing JSS Connector

Create an NSS database:

$ cd /usr/share/tomcat
$ echo Secret.123 > password.txt
$ mkdir -p nssdb
$ certutil -N -d nssdb -f password.txt
$ chown -R root:tomcat nssdb
$ chmod -R g+rw nssdb
$ echo "sslserver" > serverCertNick.conf
$ echo "internal=$(cat password.txt)" > password.conf

Then create a self-signed SSL server certificate.

Create links to the JSS Connector libraries:

$ mkdir -p common/lib
$ ln -s /usr/lib64/jss/jss4.jar common/lib
$ ln -s /usr/share/java/commons-lang.jar common/lib
$ ln -s /usr/share/java/commons-logging.jar common/lib
$ ln -s /usr/share/java/tomcatjss.jar common/lib

Edit $CATALINA_BASE/conf/catalina.properties to include the JSS Connector libraries:

common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar","${catalina.base}/common/lib/*.jar"

Uncomment the SSL connector in $CATALINA_BASE/conf/server.xml and add JSS Connector parameters as follows:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           sslImplementationName="org.apache.tomcat.util.net.jss.JSSImplementation"
           serverCertNickFile="/usr/share/tomcat/serverCertNick.conf"
           passwordFile="/usr/share/tomcat/password.conf"
           passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
           certdbDir="/usr/share/tomcat/nssdb"
/>
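
The steps above store the NSS database password in plaintext in password.txt and password.conf, with whatever mode the current umask gives them. The following check is an added example, not part of the Dogtag page: it assumes the file layout used on this page, and the function names audit_jss_secrets and other_bits are hypothetical.

```shell
#!/bin/sh
# Added example: audit the files that the connector configuration points at.
# Assumption: password.txt, password.conf, serverCertNick.conf and nssdb/
# all live under one base directory, as in the steps on this page.

# Print the "other" permission triplet of a path, e.g. "r--" or "---".
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# audit_jss_secrets BASE
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_jss_secrets() {
    base=$1
    findings=0

    # Plaintext passwords and NSS database files should be reachable only
    # by the owner and the group (root:tomcat on this page), not by others.
    for f in "$base/password.txt" "$base/password.conf" "$base"/nssdb/*; do
        [ -f "$f" ] || continue
        bits=$(other_bits "$f")
        if [ "$bits" != "---" ]; then
            echo "FINDING: $f is accessible to other users ($bits)"
            findings=$((findings + 1))
        fi
    done

    # The page writes the password under the tag "internal"; an empty or
    # missing entry means the connector cannot unlock the database.
    if ! grep -q '^internal=.' "$base/password.conf" 2>/dev/null; then
        echo "FINDING: $base/password.conf has no internal=<password> entry"
        findings=$((findings + 1))
    fi

    # serverCertNickFile must name the server certificate (e.g. sslserver).
    if [ ! -s "$base/serverCertNick.conf" ]; then
        echo "FINDING: $base/serverCertNick.conf is missing or empty"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Source the file and run `audit_jss_secrets /usr/share/tomcat` after completing the steps; each FINDING line about file access can be cleared with `chown root:tomcat` and `chmod o-rwx` on the named file.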

References